Feature/improve permission handling and management #6891

Open: wants to merge 15 commits into base: master

Conversation

redneck-f25 (Contributor) commented Mar 17, 2025

Resolves #6890

Sorry this PR has a bunch of commits and changed files. While working on the main issue, I found some minor issues... :-)

Changes

  • Add option to skip agent signing while debugging ( add "env": { "MESHCENTRAL_DEV_NO_AGENT_SIGNING": "1" } to launch configuration)
  • Fix type of default value for domains.ID.desktop.viewonly
  • Improve error message when executing the plugin serveraction fails
  • Fix rights check to let admins edit permissions in the tables, now an admin can edit the permissions of the link from both sides
  • Add properties to domain config
    • applyFeaturePermissionsToRouterAndWebTools
    • novncargs
    • novncViewOnlyPort
  • Add right const MESHRIGHT_HIDERDPSESSIONS = 0x00400000; // 4194304
  • Add feature set features3
    • if (domain.applyfeaturepermissionstorouterandwebtools !== false) {features3 += 0x00000001; }
  • Hide RDP sessions from Desktop | Connect if MESHRIGHT_HIDERDPSESSIONS is set
  • Deny RDP and redirect VNC/RFB if MESHRIGHT_REMOTEVIEWONLY
  • Refuse cookies for Web-RDP (viewonly) and Web-SSH (noterminal) for unprivileged users
  • Configurable URL arguments for Web-RDP, -VNC and -SSH. No need to update the handlebars if arguments change.
  • Hide context menu entries (Web and MeshRouter links) for unprivileged users
  • Add Limited Input Only to user features

default{,3}.handlebars

Following is the diff of the diffs against 88a765b

--- views/default.handlebars.patch	2025-03-17 07:37:09.189117468 +0100
+++ views/default3.handlebars.patch	2025-03-17 07:37:18.349060595 +0100
-diff --git a/views/default.handlebars b/views/default.handlebars
---- a/views/default.handlebars
-+++ b/views/default.handlebars
+diff --git a/views/default3.handlebars b/views/default3.handlebars
+--- a/views/default3.handlebars
++++ b/views/default3.handlebars
--                        var vncurl = window.location.origin + domainUrl + 'novnc/vnc.html?ws=wss%3A%2F%2F' + window.location.host + encodeURIComponentEx(domainUrl) + (message.localRelay?'local':'mesh') + 'relay.ashx%3Fauth%3D' + message.cookie + '&show_dot=1' + (urlargs.key?('&key=' + urlargs.key):'') + '&l={{{lang}}}';
+-                        var vncurl = window.location.origin + domainUrl + 'novnc/vnc.html?ws=wss%3A%2F%2F' + window.location.host + encodeURIComponentEx(domainUrl) + (message.localRelay ? 'local' : 'mesh') + 'relay.ashx%3Fauth%3D' + message.cookie + '&show_dot=1' + (urlargs.key ? ('&key=' + urlargs.key) : '') + '&l={{{lang}}}';
--                        var rdpurl = window.location.origin + domainUrl + 'mstsc.html?ws=' + message.cookie + (urlargs.key?('&key=' + urlargs.key):'');
+-                        var rdpurl = window.location.origin + domainUrl + 'mstsc.html?ws=' + message.cookie + (urlargs.key ? ('&key=' + urlargs.key) : '');
--                        var sshurl = window.location.origin + domainUrl + 'ssh.html?ws=' + message.cookie + (urlargs.key?('&key=' + urlargs.key):'');
+-                        var sshurl = window.location.origin + domainUrl + 'ssh.html?ws=' + message.cookie + (urlargs.key ? ('&key=' + urlargs.key) : '');
-+            x += '<label><input type=checkbox onchange=p20validateAddMeshUserDialog() id=p20hiderdpsessions style=margin-left:12px>' + "Hide RDP Sessionss" + '</label><br>';
++            x += '<label><input type=checkbox class="form-check-input me-2" onchange=p20validateAddMeshUserDialog() id=p20hiderdpsessions style=margin-left:12px>' + "Hide RDP Sessionss" + '</label><br>';
--                    if (mesh) { meshname = '<a href=# onclick=\'gotoMesh("' + mesh._id + '");haltEvent(event);\'>' + mesh.name + '</a>'; } else {}
-+                    if (mesh) { meshname = '<a href=# onclick=\'gotoMesh("' + mesh._id + '");haltEvent(event);\'>' + mesh.name + '</a>'; } else { }
-+            x += '<div style=margin-left:16px><label><input type=checkbox id=d20flag12 onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00001000) ? 'checked' : '') + '>' + "Limited Input Only" + '</label><br></div>';
-+            x += '<div style=margin-left:16px><label><input type=checkbox id=d20flag13 onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00400000) ? 'checked' : '') + '>' + "Hide RDP Sessions" + '</label><br></div>';
++            x += '<div style=margin-left:16px><label><input type=checkbox id=d20flag12 class="form-check-input me-2" onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00001000) ? 'checked' : '') + '>' + "Limited Input Only" + '</label><br></div>';
++            x += '<div style=margin-left:16px><label><input type=checkbox id=d20flag13 class="form-check-input me-2" onchange=p20edituserfeaturesValidate() ' + ((removeRights & 0x00400000) ? 'checked' : '') + '>' + "Hide RDP Sessions" + '</label><br></div>';
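Review bot: the new checkbox label in the `x += '<label><input type=checkbox ... id=p20hiderdpsessions ...' + "Hide RDP Sessionss"` line is misspelled in both default.handlebars and default3.handlebars; it should read "Hide RDP Sessions", matching the d20flag13 label a few lines further down and the MESHRIGHT_HIDERDPSESSIONS right the checkbox toggles. In the default3 variant the same input gains class="form-check-input me-2" but keeps the inline style=margin-left:12px copied from default.handlebars, while the d20flag12/d20flag13 inputs in the same diff carry only the class, so the inline style looks like a leftover. Since this diff of diffs only shows where the two templates diverge, the edits common to both (the removed vncurl/rdpurl/sshurl builders and the new flag checkboxes) still need to be reviewed in the full per-file diff.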
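The access rules the change list above describes (deny RDP and redirect VNC when Remote View Only is set, refuse the Web-SSH cookie on noterminal, hide RDP sessions, and the features3 domain bit that switches the gating on) as one decision function. This is an added illustration written from the PR text, not MeshCentral's own code; the 8, 256, 0x1000 and 0x00400000 values and the features3 computation come from this page, while MESHRIGHT_NOTERMINAL = 512, MESHRIGHT_ADMIN = 0xFFFFFFFF, the meaning of applyfeaturepermissionstorouterandwebtools === false (restrictions are not applied to the web tools) and the `webToolDecision` result shape are assumptions.

```javascript
// Added example modelling the gating described in this PR; not MeshCentral project code.
// Values marked "page" appear in the PR text; the others are assumed to match the project's constants.
const MESHRIGHT_REMOTECONTROL    = 0x00000008; // page: (meshrights & 8)
const MESHRIGHT_REMOTEVIEWONLY   = 0x00000100; // page: 256
const MESHRIGHT_NOTERMINAL       = 0x00000200; // assumed existing constant (512)
const MESHRIGHT_DESKLIMITEDINPUT = 0x00001000; // page: "Limited Input Only"
const MESHRIGHT_HIDERDPSESSIONS  = 0x00400000; // page: 4194304
const MESHRIGHT_ADMIN            = 0xFFFFFFFF; // assumed existing constant (all bits)

// Domain feature set "features3" exactly as the PR describes it:
// bit 0 = apply feature permissions to MeshRouter and the web tools (default on).
function computeFeatures3(domain) {
  let features3 = 0;
  if (domain.applyfeaturepermissionstorouterandwebtools !== false) { features3 += 0x00000001; }
  return features3;
}

// Decide, for a user holding `meshrights` on a device, whether each web tool may be offered
// and whether its connection cookie may be issued. An admin (all bits set) is never restricted.
// Assumption: when features3 bit 0 is clear, viewonly/noterminal do not reach the web tools.
function webToolDecision(meshrights, domain) {
  const has = (flag) => (meshrights & flag) !== 0;
  const admin = meshrights === MESHRIGHT_ADMIN;
  const gated = (computeFeatures3(domain) & 0x00000001) !== 0;

  // Without the remote-control right there is nothing to hand out at all.
  if (!admin && !has(MESHRIGHT_REMOTECONTROL)) {
    return { webRdp: 'deny', webVnc: 'deny', webSsh: 'deny', limitedInput: false, hideRdpSessions: false };
  }

  const viewOnly   = !admin && gated && has(MESHRIGHT_REMOTEVIEWONLY);
  const noTerminal = !admin && gated && has(MESHRIGHT_NOTERMINAL);
  return {
    // RDP has no view-only mode, so a view-only user gets no Web-RDP cookie at all.
    webRdp: viewOnly ? 'deny' : 'allow',
    // VNC/RFB can be served read-only: redirect to the domain's novncViewOnlyPort instead.
    webVnc: viewOnly ? 'viewonly' : 'allow',
    webVncPort: viewOnly ? domain.novncViewOnlyPort : undefined,
    // Web-SSH is a terminal; noterminal refuses its cookie.
    webSsh: noTerminal ? 'deny' : 'allow',
    // UI-side flags: limited desktop input, and hiding RDP sessions from Desktop | Connect.
    limitedInput: !admin && has(MESHRIGHT_DESKLIMITEDINPUT),
    hideRdpSessions: !admin && has(MESHRIGHT_HIDERDPSESSIONS),
  };
}
```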

si458 (Collaborator) commented Apr 12, 2025

I think this PR needs splitting up as there is SO MUCH you have changed and it is all confusing to follow!
Also the MESHCENTRAL_DEV_NO_AGENT_SIGNING is a good idea!
But maybe we could set it as an option inside of settings in config.json rather than an environment variable

marclaporte (Collaborator) commented

@redneck-f25 Thank you for your contribution.

Any chance you could split it into distinct PRs?
https://en.wikipedia.org/wiki/Atomic_commit#Atomic_commit_convention

silversword411 (Contributor) left a comment

just a typo :)

Why does the schema have the hide RDP default of true?

Where's the default config file that's used during install?

@@ -14524,11 +14535,13 @@
if ((meshrights & 64) != 0) r.push("Wake Devices");
if ((meshrights & 128) != 0) r.push("Edit Notes");
if (((meshrights & 8) != 0) && (meshrights & 256) != 0) r.push("Remote View Only");
if (((meshrights & 8) != 0) && (meshrights & 4194304) != 0) r.push("Hide RDP Sessionss");
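Review bot: the label in the added line `if (((meshrights & 8) != 0) && (meshrights & 4194304) != 0) r.push("Hide RDP Sessionss");` is misspelled; it should be "Hide RDP Sessions" to match the checkbox label used elsewhere in this PR. The literal 4194304 is MESHRIGHT_HIDERDPSESSIONS (0x00400000) from the description; the neighbouring lines use bare numbers too, but a trailing comment naming the right would make the list easier to audit. The `(meshrights & 8)` guard is consistent with the "Remote View Only" line directly above it, since both rights only mean something when remote control is granted.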
Contributor commented:

Typo

DaanSelen (Contributor) commented Jun 24, 2025

What is preventing this from being merged? For clearance?

Successfully merging this pull request may close these issues:

User might get full access to the machine even when view-only is set